Skip to main content
Springer Nature Link
Log in

A Siamese-Based Approach for Network Intrusion Detection Systems in Software-Defined Networks

  • Conference paper
  • First Online:
Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications (FDSE 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1925))

Included in the following conference series:

  • 781 Accesses

Abstract

Recently, a new approach to networking called Software-Defined Networking (SDN) has emerged based on the idea of separating the centralized control plane from the data plane, which simplifies network management and meets the needs of modern data centers. However, the centralized nature of SDN also introduces new security risks that could hamper widespread SDN adoption, such as single points of failure. The controller is a critical vulnerability since an attacker who compromises it can control traffic routing and severely disrupt the network. SDN is still an emerging technology, utilizing deep learning for Network Intrusion Detection Systems (NIDS) is an effective security solution that could enable more accurate and adaptive threat detection to against attacks targeting vulnerabilities introduced by centralized control. In this paper, we describe a Siamese-based method for NIDSs in SDN. When it comes to the process of training and testing models based on Siamese Networks, making effective pairs is a key strategy that can have a considerable impact on the outcome. To prevent overfitting, we enhance the data pairing both within and across classes. The findings of our methodology demonstrate a notable enhancement in the efficacy of NIDS, resulting in an accuracy rate of approximately 100%. This estimated accuracy exceeds that of baseline methods. The study’s conclusions facilitate the development of reliable IDS systems tailored for SDN environments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. ONF. Software-Defined Networking (SDN) Definition. https://www.opennetworking.org

  2. Karakus, M., Durresi, A.: Quality of service (QoS) in software defined networking (SDN): a survey. J. Netw. Comput. Appl. 80, 200–218 (2017). https://doi.org/10.1016/j.jnca.2016.12.019. ISSN: 1084-8045

    Article  Google Scholar 

  3. Alhaj, A.N., Dutta, N.: Analysis of security attacks in SDN network: a comprehensive survey. In: Sarma, H.K.D., Balas, V.E., Bhuyan, B., Dutta, N. (eds.) Contemporary Issues in Communication, Cloud and Big Data Analytics. LNNS, vol. 281, pp. 27–37. Springer, Singapore (2022). https://doi.org/10.1007/978-981-16-4244-9_3

    Chapter  Google Scholar 

  4. Dargahi, T., Caponi, A., Ambrosin, M., Bianchi, G., Conti, M.: A survey on the security of stateful SDN data planes. IEEE Commun. Surv. Tutor. 19(3), 1701–1725 (2017)

    Article  Google Scholar 

  5. Elsayed, M.S., Le-Khac, N.-A., Jurcut, A.D.: InSDN: a novel SDN intrusion dataset. IEEE Access 8, 165263–165284 (2020)

    Article  Google Scholar 

  6. O’Shea, K., Nash, R.: An introduction to convolutional neural networks. arXiv preprint arXiv:1511.08458 (2015)

  7. Li, Z., et al.: A survey of convolutional neural networks: analysis, applications, and prospects. IEEE Trans. Neural Netw. Learn. Syst. 33(12), 6999–7019 (2021)

    Article  MathSciNet  Google Scholar 

  8. Bromley, J., et al.: Signature verification using a “siamese” time delay neural network. In: Advances in Neural Information Processing Systems, vol. 6 (1993)

    Google Scholar 

  9. Koch, G., Zemel, R., Salakhutdinov, R.: Siamese neural networks for one-shot image recognition. In: International Conference on Machine Learning, Lille, France, pp. 1–8 (2015)

    Google Scholar 

  10. Jeong, Y., Lee, S., Park, D., Park, K.H.: Accurate age estimation using multi-task siamese network-based deep metric learning for frontal face images. Symmetry 10(385), 1–15 (2018)

    Google Scholar 

  11. Zhang, C., Liu, W., Ma, H., Fu, H.: Siamese neural network based gait recognition for human identification. In: International Conference on Acoustics, Speech and Signal Processing (ICASSP), Shanghai, China, pp. 2832–2836. IEEE (2016)

    Google Scholar 

  12. Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking. In: 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), Fez, Morocco, pp. 258–263 (2016). https://doi.org/10.1109/WINCOM.2016.7777224

  13. Abubakar, A., Pranggono, B.: Machine learning based intrusion detection system for software defined networks, pp. 138–143 (2017). https://doi.org/10.1109/EST.2017.8090413

  14. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)

    Google Scholar 

  15. Elsayed, M.S., Le-Khac, N.-A., Dev, S., Jurcut, A.D.: Machine-learning techniques for detecting attacks in SDN. In: 2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT) (2019). https://doi.org/10.1109/iccsnt47585.2019.8962519

  16. Said Elsayed, M., Le-Khac, N.-A., Dev, S., Jurcut, A.D.: Network anomaly detection using LSTM based autoencoder. In: Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet 2020), pp. 37–45. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3416013.3426457

  17. Li, D., Yu, C., Zhou, Q., Yu, J.: Using SVM to detect DDoS attack in SDN network. In: IOP Conference Series: Materials Science and Engineering, vol. 466, p. 012003 (2018). https://doi.org/10.1088/1757-899X/466/1/012003

  18. Lee, T.-H., Chang, L.-H., Syu, C.-W.: Deep learning enabled intrusion detection and prevention system over SDN networks. In: 2020 IEEE International Conference on Communications Workshops (ICC Workshops), Dublin, Ireland, pp. 1–6 (2020). https://doi.org/10.1109/ICCWorkshops49005.2020.9145085

  19. Draper-Gil, G., Lashkari, A.H., Mamun, M.S.I., Ghorbani, A.A.: Characterization of encrypted and VPN traffic using time-related. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP), pp. 407–414 (2016)

    Google Scholar 

  20. Krishnan, P., Duttagupta, S., Achuthan, K.: VARMAN: multi-plane security framework for software defined networks. Comput. Commun. 148, 215–239 (2019)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Le Quy Don Technical University, Hanoi, Vietnam

    Dinh Hoang Nguyen & Nam Khanh Tran

  2. University College Dublin, Dublin, Ireland

    Nhien-An Le-Khac

Authors
  1. Dinh Hoang Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nam Khanh Tran
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nhien-An Le-Khac
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dinh Hoang Nguyen .

Editor information

Editors and Affiliations

  1. Ho Chi Minh City University of Industry and Trade, Ho Chi Minh City, Vietnam

    Tran Khanh Dang

  2. Johannes Kepler University of Linz, Linz, Austria

    Josef Küng

  3. Sungkyunkwan University, Suwon-si, Korea (Republic of)

    Tai M. Chung

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nguyen, D.H., Tran, N.K., Le-Khac, NA. (2023). A Siamese-Based Approach for Network Intrusion Detection Systems in Software-Defined Networks. In: Dang, T.K., Küng, J., Chung, T.M. (eds) Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications. FDSE 2023. Communications in Computer and Information Science, vol 1925. Springer, Singapore. https://doi.org/10.1007/978-981-99-8296-7_14

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-8296-7_14

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8295-0

  • Online ISBN: 978-981-99-8296-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation